Improving the Web of Trust with GNOME Keysign

Presented by:

Tobias Mueller served the GNOME Foundation to achieve their goals of creating and distributing great Free Software products as a Director of the GNOME Foundation for many year. Besides being a Free Software and GNOME lover, Tobias is involved in the German security research community around the Chaos Computer Club. Topics of interest include Platform- and System-Security, Cryptography and Security Protocols. And making all of those usable.

No video of the event yet, sorry!

The keysigning problem helps to strengthen the Web of Trust which is the decentralised PKI in the OpenPGP world.
It depends on people participating by signing other people's keys.
However, when following best practises, the act of signing a key involves secure transfer of the OpenPGP key which contemporary casual key signing protocols for small groups address by exchanging the fingerprint of the key to be signed.
The key will then be downloaded over an untrusted channel and the key obtained needs to be manually verified.

We will see a less stressful approach to signing keys which makes it easy to sign a person's key.
It enables very small groups of people to casually hold very small key signing parties.
The key idea is to automatically authenticate the key material before the transfer via a secure audible or visual channel.
A Free Software implementation of the protocol will be shown and people are invited to sign their keys :-)